d8a4e845306fe333af2a1aa58a1d7a7fb3ebc775105354956043ed33a7011394

Analysis

max time kernel
94s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 05:21

Target

2f1f260592b513c649e5705a67e6150e_JaffaCakes118.dll
Size

33KB
MD5

2f1f260592b513c649e5705a67e6150e
SHA1

84560920b7b9901a978e9e356d0eeffc91fbf6ca
SHA256

d8a4e845306fe333af2a1aa58a1d7a7fb3ebc775105354956043ed33a7011394
SHA512

14e10857fceb8f939d6e1a3d5f6d61b74cb4389117ed44d93670cc1b9732f979b42051cd94ac434ffbb2c50d572c0fc4d4c82af69465697aded882420ba839b3
SSDEEP

768:m5rQdVtf/IHuYbUoiPs0XnPF7AHAgqNVOsTRKVs850:4rQHtYOYV0Xd74AgU1RKVV50

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 4896	3908	rundll32.exe	82
PID 3908 wrote to memory of 4896	3908	rundll32.exe	82
PID 3908 wrote to memory of 4896	3908	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f1f260592b513c649e5705a67e6150e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f1f260592b513c649e5705a67e6150e_JaffaCakes118.dll,#1
  2⤵
  PID:4896